CVE-2005-1992 Information

Description

The XMLRPC server in utils.rb for the Ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.

Reference

http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064
http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html
http://secunia.com/advisories/16920/
http://www.auscert.org.au/5509
http://www.ciac.org/ciac/bulletins/p-312.shtml
http://www.debian.org/security/2005/dsa-748
http://www.kb.cert.org/vuls/id/684913
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.redhat.com/support/errata/RHSA-2005-543.html
http://www.securityfocus.com/bid/14016
http://www2.ruby-lang.org/en/20050701.html
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10819
